February 7, 2013

Microsoft and Symantec are being hailed as cyber heroes after taking down a botnet controlling hundreds of thousands of computers yesterday (Feb. 6).

The Microsoft Digital Crimes Unit, in collaboration with security firm Symantec, disabled a network of infected computers that malicious hackers were using to commit fraud.

Bamital infected computers for two purposes: to steal victims’ personal data and to hijack their web searches, redirecting clicks so that businesses were fraudulently charged for online advertisement clicks that no real user made.

Microsoft and Symantec research indicates more than eight million computers were attacked by Bamital in the past two years. Also victimized were the major search engines and browsers whose results Bamital hijacked, including those offered by Microsoft, Yahoo and Google.

“By taking down the cybercrime ring, more than 300,000 people around the world will regain control of their computers,” Richard Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit, said in a blog post.

“What’s most concerning is that these cybercriminals made people go to sites that they never intended to go to, and took control of the computer away from its owner,” Boscovich said. “Much like being coerced through a dark alleyway, this redirection would leave the person whose computer was already infected with Bamital more vulnerable to becoming targeted for other crimes, such as identity theft and additional malware infections.”

Microsoft filed a lawsuit Jan. 31, supported by a declaration from Symantec, against the botnet’s operators to sever all the communication lines between the botnet and the malware-infected computers under its control. Microsoft’s request was granted Feb. 6 and, later that day, Microsoft employees — escorted by the U.S. Marshals Service — seized evidence from web-hosting facilities in Virginia and New Jersey.

Because the takedown cut infected computers off from the servers that had been hijacking their searches, those searches temporarily stopped working for thousands of victims. Microsoft redirected the browsers of those affected to a website with directions on how to clean up their PCs.

Although the hackers behind the botnet have not been identified, it is believed they hail from Russia or another Eastern European country. The takedown, known as Operation b58, is the sixth botnet disruption operation in three years by Microsoft, and the second done in co-operation with Symantec.